CobaltStrike teamserver [The Parallel GC can not be combined with -XX:ParallelGCThreads=0]错误修复

作者: RedFree 分类: CobaltStrike, JAVA, Metasploit 发布时间: 2017-05-16 20:58 ė6,274 次访问 6没有评论

问题:升级到1.8.0_131导致的Bug.

问题反馈地址:https://twitter.com/armitagehacker/status/856993860366602241

官方博客提供的解决方案:https://blog.cobaltstrike.com/2017/04/26/java-startup-bug-in-java-1-8u131/

在teamserver脚本中java执行命令后加上:-XX:ParallelGCThreads=8

原文:

If you recently updated your penetration testing environment, it’s
possible you were greeted with a special surprise. Cobalt Strike and its
team server will no longer start.

Instead of Cobalt Strike, you’re now greeted with this very intuitive and helpful error: The Parallel GC can not be combined with -XX:ParallelGCThreads=0.

I’ve had a few emails about this. My first answer: I have no idea
what that means. Now, I have an answer! This is a known bug in Java
1.8u131. This recent update to Oracle’s Java introduces a change that
breaks the -XX:+AggressiveHeap command line option
Cobalt Strike uses. This command line option is not uncommon in the Java
world and other applications are affected.

The Java team is aware of this bug
and it has a priority level 2. This is the level reserved for Crashes,
losses of data, and severe memory leaks. They’re taking it seriously and
I expect this problem to go away in a coming Java update.

On Linux, one way to work around this Oracle Java bug is to update the cobaltstrike and teamserver scripts to specify the -XX:ParallelGCThreads=8 option after the java command.

I advise that you stay away from Oracle Java 1.8u131. If you already updated to Java 1.8u131, then downgrade to Java 1.8u121.

What about OpenJDK? I continue to recommend Oracle’s
Java distribution for use with Cobalt Strike. Oracle’s Java
distributions go through a series of acceptance tests to make sure the
build is sane. This isn’t always the case with OpenJDK builds/packages.
This has led to serious issues in the past.


本文出自 RedFree's Blog,转载时请注明出处及相应链接。

本文永久链接: http://py4.me/blog/?p=540

发表评论

电子邮件地址不会被公开。

Ɣ回顶部